• Font Size:
  • S
  • M
  • L

Amendments

Title:

Regulations Governing Establishment of Internal Control Systems by Public Companies  CH

Amended Date: 2024.04.22 

Title: Regulations Governing Establishment of Internal Control Systems by Public Companies(2011.12.21)
Date:
Article 6     A public company's internal control systems shall comprise the following constituent elements:
  1. Control environment. Control environment is a composite factor that shapes an organizational culture and affects organization members’ awareness of control. Factors affecting control environment include the integrity, values, and ability of organization members; the oversight of the board of directors and supervisors; the management philosophy and operating style of the board of directors and managers; organizational structure, assignment of powers and duties, and human resources policies and the implementation thereof . The control environment is the foundation for the other constituent elements.
  2. Risk assessment. Risk assessment refers to the processes by which the company identifies internal and external factors that keep it from achieving its objectives and assesses their impact and probability. The risk assessment resultscan assist the company in designing, correcting, and operating necessary control activities in a timely manner.
  3. Control activities. Control activities refers to establishing a complete and sound control framework and adopting control procedures for all levels to help the board of directors and managers ensure that their instructions have been carried out. Control activities include policies and procedures such as those for approval, authorization, inspection, regulation, review, regular inventory taking, record reviews, division of function and powers, safeguard of physical security of assets, comparison with plans, budgets, or performance in previous periods, and supervision and management of subsidiaries.
  4. Information and communications. Information is the subject matter identified, measured, processed, and reported by information systems. It includes information, financial or non-financial, pertaining to the objectives of operational or financial reporting and compliance with applicable laws and regulations. Communications is the disclosure of information to relevant personnel, including internal and external communications of the company. Internal control systems must have mechanisms for generating information necessary for planning, implementation, and monitoring and providing timely information to those who need it.
  5. Monitoring. Monitoring is the process of self-inspecting the quality of internal control systems. It includes assessing the soundness of the control environment; whether risk assessment is timely and accurate; whether control activities are appropriate and accurate; and whether information and communication systems are functioning properly. Monitoring may be divided into continuous monitoring and individual assessments. The former refers to routine supervision during operations, while the latter refers to assessments conducted by different personnel such as internal auditors, supervisors, or the board of directors.
    A public company designing and operating its internal control systems or carrying out self-inspection, or a certified public accountant (CPA) retained to conduct a special audit of the company's internal control systems, shall fully consider the constituent elements enumerated in the preceding paragraph, and, in addition to the criteria prescribed by the Financial Supervisory Commission (FSC), Executive Yuan, shall add additional items as dictated by actual needs.
Article 8     In addition to control activities for different types of transaction cycles as set out in the preceding article, a public company shall include controls for the activities listed below in its internal control systems:
  1. management of the use of seals.
  2. management of the receipt and use of negotiable instruments.
  3. management of the budget.
  4. management of assets.
  5. management of endorsements and guarantees.
  6. management of liabilities, commitments, and contingencies.
  7. implementation of authorization and deputy systems.
  8. management of loans to others.
  9. management of financial and non-financial information.
  10. management of related party transactions.
  11. management of the procedures for preparation of financial statements.
  12. supervision and management of subsidiaries.
  13. management of operation of board meetings.
    The internal control system of a company whose stock is exchange-listed or traded over the counter shall also include controls over the following operations:
  1. Management of the operations of the remuneration committee.
  2. Management of the prevention of insider trading.
    The internal control system of a public company that is required by the FSC to adopt, or that is approved by the FSC for early adoption of, the International Financial Reporting Standards (IFRSs), shall include controls over the following operations:
  1. Management of the adoption of the International Financial Reporting Standards (IFRSs).
  2. The accounting professional judgment process and the process for changes in accounting policies and accounting estimates.
Article 13     A public company's internal audit unit shall formulate annual audit plans based on the results of the risk assessment, including matters to be audited monthly, and shall faithfully implement the annual audit plans, so as to check its internal control systems, and prepare audit reports, annexing working papers and relevant materials.
    A public company shall include as audit items in its annual audit plan for each year, at least, the control activities for major financial or business activities, such as for acquiring or disposing of assets, engaging in derivatives transactions, extending loans to others, granting endorsements or guarantees for others, supervision and management of subsidiaries, management of operation of board meetings, the items listed under Article 8, paragraph 3, information flow security inspection, and major transaction cycles set out in Article 7 such as the sale and receipt cycle and purchase and payment cycle.
    Each annual audit plan of a company whose stock is already listed or traded over-the-counter at securities firms shall also include management of the operations of the remuneration committee, in addition to the audit items of the preceding paragraph.
    A public company's annual audit plan, and any amendments thereto, shall be passed by the board of directors.
    Where a public company has established independent director position(s), when it submits the annual audit plan to the board of directors for deliberation under the preceding paragraph, the board of directors shall take into full consideration each independent director's opinions, and shall include their opinions in the board meeting minutes.
    The audit report referred to in paragraph 1, the working papers, and relevant information referred to therein shall be preserved for no less than five years.
Article 39     A public company shall execute at least the following control activities when supervising and managing its subsidiaries' business management:
  1. Establish an adequate organizational control structure between it and each subsidiary, including the methods to elect, and to appoint power and duties to, the subsidiary's directors, supervisors, and high-level managers.
  2. Set out overall business strategies, risk management policies, and guidelines applicable to it and its subsidiaries, as a basis for each subsidiary to map out business plan and risk management policies and procedures for relevant business operations.
  3. Set forth policies and procedures applicable to it and each subsidiary in relation to business segmentation, liaison regarding order placement, materials preparation methods, inventory allocation, conditions for accounts receivable and accounts payable, and account processing.
  4. Set forth policies and procedures for supervising each subsidiary's material financial and business matters such as business plan and budget, material investment and reinvestment in equipment, borrowings and debt, lending of funds to others, endorsement/guarantees, obligations and commitments, investment in securities and derivatives, important contracts, major changes in assets, and management of the adoption of the International Financial Reporting Standards (IFRSs), the accounting professional judgment process, and the process for changes in accounting policies and accounting estimates.
Article 43-1     A public company is advised to adopt appropriate risk management policies and procedures, and establish effective risk management mechanisms, to assess and monitor its risk-bearing capacity, and the current status of risk already incurred, and to determine its compliance with the risk response strategies and risk management procedures.
Article 45     These Regulations shall take force on the date of promulgation.
    The 21 December 2011 amendments shall take force 3 months after the date of issuance.